Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Jan 2014 09:28:39 -0500
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com, 736247@...s.debian.org
Subject: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False):
 insecure use of /tmp

as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a
TOCTOU failure in python's xdg module (see attached message).

Could a CVE be assigned to this?

	--dkg

[ CONTENT OF TYPE message/rfc822 SKIPPED ]

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ